CVE-2025-60964
Published: 06 October 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-60964 is an OS Command Injection vulnerability (CWE-78) in EndRun Technologies Sonoma D12 Network Time Server (GPS) firmware version 6010-0071-000 Ver 4.00. Published on 2025-10-06T17:16:07.307, it carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). The vulnerability enables attackers to execute arbitrary code, cause denial of service, gain escalated privileges, obtain sensitive information, and achieve possibly other unspecified impacts.
Attackers require high privileges (PR:H) to exploit this flaw remotely over the network (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Upon successful exploitation, the impact crosses security scope (S:C), resulting in high confidentiality, integrity, and availability effects (C:H/I:H/A:H). Privileged adversaries can thus execute arbitrary operating system commands, disrupt time server operations, further escalate privileges, exfiltrate sensitive data, and pursue additional unspecified consequences.
Advisories detailing mitigations and patches are available from EndRun Technologies at http://endrun.com and http://sonoma.com, along with a vulnerability research advisory at https://xdiv-sec.github.io/vulnerability-research/advisories/2025-10-03-sonoma-d12.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS command injection enables remote exploitation of the service (T1210), Unix shell command execution (T1059.004), privilege escalation (T1068), and DoS via application exploitation (T1499.004).